Metro Presort is committed to ensuring that all information transmitted between the customer and our platform is completely secure. The security of this information also extends to any information transmitted between the customer and the consumer, for example a credit card number.
The rigorous Information Security Standards maintained by Metro Presort are accomplished with many checks and balances. For example, having high internal standards for our employees and the appropriate internal and external security controls are at the top of the list.
Annually, we stay up-to-date, we look for ways to improve Information Security company wide and are audited and certified for SOC 2 Type 2, HIPAA and PCI.
Metro Presort offers use of a website for the customer to receive payment and interact with their consumers. As such, the process of accepting payments must be PCI Compliant. The PCI Security Standards Council was formed in 2006 with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The Council provides a framework of tools, specifications and measurements to help the broaden the awareness of organizations to ensure the safe handling of cardholder data at every step. This framework serves as a guide for organizations to develop a robust payment card data security process. For more information visit www.pcisecuritystandards.org.
SOC 2 Compliance
The SOC 2 report focuses on a businesses non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality and privacy of a system. Each of the criteria have corresponding points of focus, which must be met to demonstrate adherence to the overall criteria and produce an unqualified opinion. As these controls change annually, we update our security and internal processes to stay in-step with the requirements.
HIPAA stands for the Health Insurance Portability and Accountability Act and is a U.S. federal law enacted in 1996 as an attempt at incremental healthcare reform. Today, HIPAA compliance mainly revolves around the protecting the privacy and security of patients’ health information. As a Business Associate for many Healthcare Organizations, Metro Presort is required to comply with HIPAA. Our compliance with the HIPAA requirements ensures we have the appropriate safeguards in place to protect the privacy of Personal Health Information (PHI). The compliance also dictates internal training, documentation of procedures as well as limits and conditions on the uses and disclosures that may be made of such information without patient authorization.
Medicare General Compliance (CMS)
The Secretary of the Department of Health and Human Services has designated the CMS (Centers for Medicare and Medicaid Services) as the administrator of the standards and compliance aspects of quality, safety and oversight programs. Medicare is a Federal insurance program providing a wide range of benefits for specific periods of time through providers and suppliers participating in the program. The Act designates those providers and suppliers that are subject to Federal health care quality standards. As such those providers and suppliers must be compliant with the standards set forth by the CMS.